DETAILED ACTION

Priority 

1. Applicant's claim for the benefit of a prior-filed application under 35 U.S.C.
119(a)-(e) or under 35 U.S.C. 120, 121, or 365(c) is acknowledged. Priority is claimed
under Provisional Applications 09040898.

Information Disclosure Statement 

2. For the record, the Examiner acknowledges that the IDS submitted on
04/24/2003 has been received and considered.

Oath/Declaration 

3. For the record, the Examiner acknowledges that the Oath/Declaration submitted 
on 03/21/2004 has been received and considered. 

Drawings 

4. For the record, the Examiner acknowledges that the Drawings submitted on 
10/09/2003 have been received and considered. 

Specification 

5. For the record, the Examiner acknowledges that the Specification submitted on 
10/09/2003 has been received and considered.

Claim Rejections - 35 USC § 102

6. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

Claims 1-10, 15-21, 27-29 and 30-33 are rejected under 35 U.S.C. 102(b) as 
being disclosed by Malkin et al. 

Regarding claims 1, 27-29 and 31, Malkin et al. discloses a method for blocking
an attack on a private network implemented by a routing device interconnecting 
the private network to a public network, comprising: receiving a request for 
connection from an initiator, over the public network (col. 2 lines 40-47 - "RAS 
using [identification] ... information to generate a remote authentication request 
that is sent to the appropriate Authentication Server (AS)"); requesting an 
acknowledgment from the initiator of the request (col. 2 lines 57-64 - "Once the
user is authenticated by the AS, the Remote Access Server (RAS) begins to
establish a 'tunnel' with the appropriate gateway by generating and sending a
tunnel registration request"), determining whether the acknowledgment has
been received within a predetermined amount of time; and denying the request if 
the acknowledgment is not received within the predetermined amount of time 
(col. 2 lines 65-67 and col. 3 lines 1-5 - "gateway completes the tunnel by
responding to the RAS with a tunnel registration response. Once the tunnel is 
complete, the authentication phase of PPP is complete and the RAS may then 
perform the Network Control Protocol (NCP) negotiations with the remote node in 
order to finish establishing open communication between the remote node and 
the home network"). 

Regarding claim 2, Malkin et al. discloses the method of claim 1, wherein the
public network is the Internet (col. 3 lines 61-67 and col. 4 lines 1-9 - establishes 
a connection using the "Internet Protocol"). 

Regarding claim 3, Malkin et al. discloses the method of claim 2, wherein the
routing device is a firewall providing access to the Internet (col. 2 lines 57-64 -
"gateway"). 

Regarding claim 4, Malkin et al. discloses the method of claim 1, further
comprising processing the request if the acknowledgement is received (col. 2 
lines 65-67 and col. 3 lines 1-5 - "gateway completes the tunnel by responding to 
the RAS with a tunnel registration response. Once the tunnel is complete, the 
authentication phase of PPP is complete and the RAS may then perform the 
Network Control Protocol (NCP) negotiations with the remote node in order to 
finish establishing open communication between the remote node and the home 
network").

Regarding claim 5, Malkin et al. discloses the method of claim 1, further
comprising adding an IP address of the initiator to a cache of IP addresses if the 
acknowledgement is not received (col. 4 lines 9-14 - "the RAS internally stores 
the information provided by the Tunnel Management System (TMS)"). 

Regarding claim 6, Malkin et al. discloses the method of claim 5, further
comprising denying access through the routing device to any IP address on the 
cache of IP addresses (col. 5 lines 20-25 - "after a predetermined number of 
unsuccessful attempts, the RAS will terminate the PPP connection with the 
remote node [using the information internally stored information regarding said 
node]"). 

Regarding claim 7, Malkin et al. discloses the method of claim 1, further
comprising storing information about the initiator on a system log for analysis by
the system administrator (col. 4 lines 9-14 - "the RAS internally stores the
information provided by the Tunnel Management System (TMS)").

Regarding claim 8, Malkin et al. discloses the method of claim 1, further
comprising storing information about the request for connection on a system log
for analysis by the system administrator (col. 4 lines 9-14 - "the RAS internally
stores the information provided by the Tunnel Management System (TMS)").

Regarding claim 9, Malkin et al. discloses the method of claim 1, further
comprising determining if a prior request for an acknowledgement has been sent 
to an IP address associated with the initiator and been unacknowledged within a 
predetermined amount of time, if the acknowledgement is not received (col. 5 
lines 20-25 - "after a predetermined number of unsuccessful attempts, the RAS 
will terminate the PPP connection with the remote node"). 

Regarding claim 10, Malkin et al. discloses the method of claim 1, further
comprising using diagnostic tools to determine additional information about a 
source of the request for connection (col. 2 lines 25-39 - "the remote node 
queries the service provider's TMS to obtain [additional information]"). 

Regarding claim 15, Malkin et al. discloses a method for blocking an attack on a
private network implemented by a routing device interconnecting the private
network to a public network, comprising: receiving an incoming data packet from
the public network; comparing a source address of the data packet against
known internal addresses of the private network; determining if the source
address matches a known internal address; and if there is a match: dropping the
data packet; analyzing a header of the data packet; determining information
regarding a history of the packet; determining a real source of the data packet
using the information regarding the history of the packet; and refusing to process
any additional data packets received from the real source of the data packet
(Rejected under the same rationale as claim 1).

Regarding claim 16, Malkin et al. discloses the method of claim 15, further
comprising storing data about the data packet on a system log, for use and
analysis by a system administrator (Rejected under the same rationale as claim
7).

Regarding claim 17, Malkin et al. discloses the method of claim 15, wherein the
public network is the Internet (Rejected under the same rationale as claim 2).

Regarding claim 18, Malkin et al. discloses the method of claim 17, wherein the
routing device is a firewall providing access to the Internet (Rejected under the
same rationale as claim 3).

Regarding claim 19, Malkin et al. discloses the method of claim 15, further
comprising forwarding the data packet to the private network if there is not a
match (Rejected under the same rationale as claim 6).

Regarding claim 20, Malkin et al. discloses the method of claim 15, further
comprising adding an IP address of the data packet to a cache of IP addresses if
there is a match (Rejected under the same rationale as claim 6).

Regarding claim 21, Malkin et al. discloses the method of claim 20, further
comprising denying access through the routing device to any IP address on the
cache of IP addresses (Rejected under the same rationale as claim 6).

Regarding claim 30, Malkin et al. discloses a system for blocking an attack on a
private network, comprising: means for interconnecting a private network to a 
public network; means for receiving a request for connection from an initiator, 
over the public network; means for requesting an acknowledgment from the 
initiator of the request; means for determining whether the acknowledgment has 
been received within a predetermined amount of time and means for denying the 
request if the acknowledgment is not received within the predetermined amount 
of time (col. 5 lines 20-25 - "after a predetermined number of unsuccessful 
attempts, the RAS will terminate the PPP connection with the remote node"). 

Regarding claim 32, Malkin et al. discloses a software embodied in a
computer-readable medium, the computer-readable medium comprising code operable to:
interconnect a private network to a public network; receive a request for
connection from an initiator, over the public network; request an acknowledgment
from the initiator of the request; determine whether the acknowledgment has
been received within a predetermined amount of time; and deny the request if the 
acknowledgment is not received within the predetermined amount of time (col. 7 
lines 7-17). 

Regarding claim 33, Malkin et al. discloses a software embodied in a
computer-readable medium, the computer-readable medium comprising code operable to:
receive an incoming data packet from the public network; compare a source 
address of the data packet against known internal addresses of the private 
network; determine if the source address matches a known internal address; and 
if there is a match: drop the data packet; analyze a header of the data packet; 
determine information regarding a history of the packet; determine a real source 
of the data packet using the information regarding the history of the packet; and 
refuse to process any additional data packets received from the real source of 
the data packet (col. 7 lines 7-17). 

Claim Rejections - 35 USC § 103 

7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made.

Claims 11-14 and 2-26 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Malkin et al. (US Patent No. 6,061,650) and further in view of 
Levinson et al. (US Application Publication No. 20030053170). 

Regarding claim 11, Malkin et al. is silent in disclosing the method of claim 10,
wherein using diagnostic tools to determine additional information about a source 
of the request for connection comprises using trace root diagnostic tools to 
determine information about the source of the request for connection, however 
Levinson et al. does disclose network tools used in collecting additional information about a
network (0008 - "network diagnostics"). It would have been obvious for one of 
ordinary skill in the art to modify the disclosed network diagnostic functions of 
Levinson et al. into the specific network diagnostic tools mentioned within the 
claim language such as "trace root, NeStat (NS) lookup, ping, etc." It would have 
been obvious because one of ordinary skill in the art would know that the 
disclosed "network diagnostic" functions comprise these specifically mentioned
tools. 

Regarding claim 12, Malkin et al. discloses the method of claim 10, wherein
using diagnostic tools to determine additional information about a source of the 
request for connection comprises using ping diagnostic tools to determine 
information about the source of the request for connection (Rejected under the
same rationale as claim 11). 

Regarding claim 13, Malkin et al. discloses the method of claim 10, wherein
using diagnostic tools to determine additional information about a source of the 
request for connection comprises using NS lookup diagnostic tools to determine 
information about the source of the request for connection (Rejected under the 
same rationale as claim 11). 

Regarding claim 14, Malkin et al. discloses the method of claim 10, further
comprising forwarding the additional information to a system administrator via 
electronic mail (0046 - "send a electronic message"). 

Regarding claim 22, Malkin et al. discloses the method of claim 15, further
comprising using diagnostic tools to determine additional information about a
source of the data packet (Rejected under the same rationale as claim 11).

Regarding claim 23, Malkin et al. discloses the method of claim 22, wherein
using diagnostic tools to determine additional information about a source of the
data packet comprises using trace root diagnostic tools to determine additional
information about the source of the data packet (Rejected under the same
rationale as claim 11).

Regarding claim 24, Malkin et al. discloses the method of claim 22, wherein
using diagnostic tools to determine additional information about a source of the 
data packet comprises using ping diagnostic tools to determine additional 
information about the source of the data packet (Rejected under the same 
rationale as claim 11). 

Regarding claim 25, Malkin et al. discloses the method of claim 22, wherein
using diagnostic tools to determine additional information about a source of the
data packet comprises using NS lookup diagnostic tools to determine additional
information about the source of the data packet (Rejected under the same
rationale as claim 11).

Regarding claim 26, Malkin et al. discloses the method of claim 22, further
comprising forwarding the additional information to a system administrator via
electronic mail (Rejected under the same rationale as claim 11).

Conclusion 

7. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Chinwendu C. Okoronkwo whose telephone number is 
(571) 272 2662. The examiner can normally be reached on MWF 9:30 - 7:00.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Nasser Moazzami can be reached on (571) 272 4195. The fax phone
number for the organization where this application or proceeding is assigned is
571-273-8300.

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for
published applications may be obtained from either Private PAIR or Public PAIR.
Status information for unpublished applications is available through Private PAIR only.
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should
you have questions on access to the Private PAIR system, contact the Electronic
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a
USPTO Customer Service Representative or access to the automated information
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.